Friday, November 7, 2014

Clever hacker and all around cool guy Dylan Saccomanni viciously pwn'd the popular messaging application GroupMe last week.

The exploit allowed an attacker to signup for a new account while using the phone number of an existing user. The only verification required at that point was a four digit PIN that could be easily brute-forced.

To their credit, GroupMe responded rapidly to Saccomanni's notice and the issue appears to have been resolved.

About Me

Joshua Wieder has been a systems administrator for close to 10 years - specializing in data center and hosting infrastructure using redhat linux, cisco ios, vmware, KVM and containers such as docker and kubernetes. Get in touch with Josh Wieder here on Google+ or using one of the websites on the links page.